扫描报告
0 /100
release
Release deployment management tool for Atlassian Release integration via Membrane CLI
This is a legitimate Release deployment management skill that uses the official Membrane CLI for Atlassian Release integration. All behavior is documented and standard.
可以安装
No action needed. The skill is safe to use as documented.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:44 npm install -g @membranehq/cli |
| 网络访问 | READ,WRITE | READ,WRITE | ✓ 一致 | SKILL.md:70-83 membrane request for API proxy |
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md:44 npm global install |
| 浏览器 | ADMIN | ADMIN | ✓ 一致 | SKILL.md:47-52 OAuth login flow |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developer.atlassian.com/cloud/release/ SKILL.md:19 目录结构
1 文件 · 4.4 KB · 134 行 Markdown 1f · 134L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | latest (via npx/npm) | npm | 否 | Dynamic version fetch - consider pinning for reproducibility |
安全亮点
✓ Skill contains only documentation (SKILL.md) with no executable code or scripts
✓ All capabilities are clearly declared in SKILL.md with documented purpose
✓ Uses standard OAuth browser-based authentication (membrane login)
✓ Delegates credential management to Membrane's server-side infrastructure
✓ Explicitly advises not to ask users for API keys (best practice)
✓ Uses official Atlassian API documentation as reference
✓ No obfuscation, base64, eval, or hidden instructions detected
✓ No sensitive file access (~/.ssh, ~/.aws, .env) declared or implied
✓ No suspicious network patterns (direct IP calls, C2 communication)